The Eucalyptus Security Team rates the potential impact of each vulnerability that affects Eucalyptus software using a four point scale, similarly to other software vendors. All vulnerabilities are rated as either Critical, Important, Moderate, or Low impact. The rating of each vulnerability is based on a technical evaluation and the actual risk may vary depending on your deployment environment. The severity rating in a Eucalyptus Security Advisory (ESA) is intended as a guide to help you recognize the most important updates, and the description of the issue in the advisory should be used to determine the impact on your system .
Critical — Exploitation may allow to gain administrative privileges either in the cloud or on the machines hosting Eucalyptus. Preconditions for the exploitation can be easily met and exploitation is relatively straightforward.
Important — Exploitation does not result in elevated privileges, or if it does, exploitation is non-trivial and may require several preconditions to be met.
Moderate — Exploitation of the vulnerability is mitigated by a number of preconditions that are difficult to meet, such as nonstandard configuration parameters or a successful social engineering attack, and/or the exploitation has a limited impact.
Low — Any other security-related issue that might be assigned a higher severity rating, but the exploitation of the issue requires unlikely conditions or configuration or has an extremely minimal impact.
